Motivation: Some users already use an SSLEngine implementation in finagle-native. It wraps OpenSSL to get higher SSL performance. However, to take advantage of it, finagle-native must be compiled manually, and it means we cannot pull it in as a dependency and thus we cannot test our SslHandler against the OpenSSL-based SSLEngine. For an instance, we had #2216. Because the construction procedures of JDK SSLEngine and OpenSslEngine are very different from each other, we also need to provide a universal way to enable SSL in a Netty application. Modifications: - Pull netty-tcnative in as an optional dependency. http://netty.io/wiki/forked-tomcat-native.html - Backport NativeLibraryLoader from 4.0 - Move OpenSSL-based SSLEngine implementation into our code base. - Copied from finagle-native; originally written by @jpinner et al. - Overall cleanup by @trustin. - Run all SslHandler tests with both default SSLEngine and OpenSslEngine - Add a unified API for creating an SSL context - SslContext allows you to create a new SSLEngine or a new SslHandler with your PKCS#8 key and X.509 certificate chain. - Add JdkSslContext and its subclasses - Add OpenSslServerContext - Add ApplicationProtocolSelector to ensure the future support for NPN (NextProtoNego) and ALPN (Application Layer Protocol Negotiation) on the client-side. - Add SimpleTrustManagerFactory to help a user write a TrustManagerFactory easily, which should be useful for those who need to write an alternative verification mechanism. For example, we can use it to implement an unsafe TrustManagerFactory that accepts self-signed certificates for testing purposes. - Add InsecureTrustManagerFactory and FingerprintTrustManager for quick and dirty testing - Add SelfSignedCertificate class which generates a self-signed X.509 certificate very easily. - Update all our examples to use SslContext.newClient/ServerContext() - SslHandler now logs the chosen cipher suite when handshake is finished. Result: - Cleaner unified API for configuring an SSL client and an SSL server regardless of its internal implementation. - When native libraries are available, OpenSSL-based SSLEngine implementation is selected automatically to take advantage of its performance benefit. - Examples take advantage of this modification and thus are cleaner.
1035 lines
36 KiB
1035 lines
36 KiB
<?xml version="1.0" encoding="UTF-8"?>
~ Copyright 2012 The Netty Project
~ The Netty Project licenses this file to you under the Apache License,
~ version 2.0 (the "License"); you may not use this file except in compliance
~ with the License. You may obtain a copy of the License at:
~ http://www.apache.org/licenses/LICENSE-2.0
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
~ WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
~ License for the specific language governing permissions and limitations
~ under the License.
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
Netty is an asynchronous event-driven network application framework for
rapid development of maintainable high performance protocol servers and
<name>The Netty Project</name>
<name>Apache License, Version 2.0</name>
<name>The Netty Project Contributors</name>
<organization>The Netty Project</organization>
-dsa -da -ea:io.netty...
<!-- Our Javadoc has poor enough quality to fail the build thanks to JDK8 javadoc which got more strict. -->
Netty must be released from RHEL 6.5 x86_64 or compatible so that:
1) we ship x86_64 version of epoll transport officially, and
2) we ensure the ABI compatibility with older GLIBC versions.
The shared library built on a distribution with newer GLIBC
will not run on older distributions.
Release process must be performed on linux-x86_64.
Release process must be performed on RHEL 6.5 or its derivatives.
<content>release 6.5</content>
<test.jvm.argLine.coverage></test.jvm.argLine.coverage> <!-- Set when 'coverage' profile is active -->
-dsa -da -ea:io.netty...
<!-- Byte code generator - completely optional -->
<!-- JBoss Marshalling - completely optional -->
<!-- SPDY Example - completely optional -->
<!-- Google Protocol Buffers - completely optional -->
<!-- Our own Tomcat Native fork - completely optional, used for acclerating SSL with OpenSSL. -->
Bouncy Castle - completely optional, only needed when:
- you generate a temporary self-signed certificate using SelfSignedCertificate, and
- you don't use the JDK which doesn't provide sun.security.x509 package.
<!-- Metrics providers -->
<!-- Common test dependencies -->
<!-- Test dependencies for jboss marshalling encoder/decoder -->
<!-- Test dependencies for microbench -->
<!-- Enable Javassist support for all test runs -->
<!-- Testing frameworks and related dependencies -->
<!-- Enforce java 1.7 as minimum for compiling -->
<!-- This is needed because of java.util.zip.Deflater and NIO UDP multicast-->
<!-- XXX: maven-release-plugin complains - MRELEASE-715 -->
<Xlint:-options />
<Xlint:unchecked />
<Xlint:deprecation />
<!-- ensure that only methods available in java 1.6 can
be used even when compiling with java 1.7+ -->
<!-- Used for NIO UDP multicast -->
<!-- Self-signed certificate generation -->
<argLine>${test.jvm.argLine.coverage} ${test.jvm.argLine}</argLine>
<!-- always produce osgi bundles -->
<!-- enforce JVM vendor package as optional -->
<!-- override "internal" private package convention -->
~ Add generated MANIFEST.MF.
~ See https://github.com/netty/netty/issues/2058
~ This workaround prevents Maven from executing the 'generate-sources' phase twice.
~ See http://jira.codehaus.org/browse/MSOURCES-13
~ and http://blog.peterlynch.ca/2010/05/maven-how-to-prevent-generate-sources.html
<arguments>-P restricted-release,sonatype-oss-release,full</arguments>
<!-- Ensure to put maven-antrun-plugin at the end of the plugin list
so that they are run lastly in the same phase. -->
<!-- Generate the version properties for all artifacts. -->
<taskdef resource="net/sf/antcontrib/antlib.xml" />
<!-- Get the information about the latest commit -->
<exec executable="git" outputproperty="gitOutput.shortCommitHash" resultproperty="gitExitCode.shortCommitHash" failonerror="false" failifexecutionfails="false">
<arg value="log" />
<arg value="-1" />
<arg value="--format=format:%h" />
<equals arg2="0" arg1="${gitExitCode.shortCommitHash}" />
<property name="shortCommitHash" value="${gitOutput.shortCommitHash}" />
<property name="shortCommitHash" value="0" />
<exec executable="git" outputproperty="gitOutput.longCommitHash" resultproperty="gitExitCode.longCommitHash" failonerror="false" failifexecutionfails="false">
<arg value="log" />
<arg value="-1" />
<arg value="--format=format:%H" />
<equals arg2="0" arg1="${gitExitCode.longCommitHash}" />
<property name="longCommitHash" value="${gitOutput.longCommitHash}" />
<property name="longCommitHash" value="0000000000000000000000000000000000000000" />
<exec executable="git" outputproperty="gitOutput.commitDate" resultproperty="gitExitCode.commitDate" failonerror="false" failifexecutionfails="false">
<arg value="log" />
<arg value="-1" />
<arg value="--format=format:%cd" />
<arg value="--date=iso" />
<equals arg2="0" arg1="${gitExitCode.commitDate}" />
<property name="commitDate" value="${gitOutput.commitDate}" />
<property name="commitDate" value="1970-01-01 00:00:00 +0000" />
<exec executable="git" outputproperty="gitOutput.repoStatus" resultproperty="gitExitCode.repoStatus" failonerror="false" failifexecutionfails="false">
<arg value="status" />
<arg value="--porcelain" />
<equals arg2="0" arg1="${gitExitCode.repoStatus}" />
<equals arg2="" arg1="${gitOutput.repoStatus}" />
<property name="repoStatus" value="clean" />
<property name="repoStatus" value="dirty" />
<property name="repoStatus" value="unknown" />
<!-- Print the obtained commit information. -->
<echo>Current commit: ${shortCommitHash} on ${commitDate}</echo>
<!-- Generate the .properties file. -->
<property name="metaInfDir" value="${project.basedir}/src/main/resources/META-INF" />
<property name="metaInfDir" value="${project.build.outputDirectory}/META-INF" />
<property name="versionPropFile" value="${metaInfDir}/${project.groupId}.versions.properties" />
<mkdir dir="${metaInfDir}" />
<delete file="${versionPropFile}" quiet="true" />
<propertyfile file="${versionPropFile}" comment="Generated by netty-parent/pom.xml">
<entry key="${project.artifactId}.version" value="${project.version}" />
<entry key="${project.artifactId}.buildDate" type="date" value="now" pattern="yyyy-MM-dd HH:mm:ss Z" />
<entry key="${project.artifactId}.commitDate" value="${commitDate}" />
<entry key="${project.artifactId}.shortCommitHash" value="${shortCommitHash}" />
<entry key="${project.artifactId}.longCommitHash" value="${longCommitHash}" />
<entry key="${project.artifactId}.repoStatus" value="${repoStatus}" />
<!-- Provides the 'requireFilesContent' enforcer rule. -->
<!-- keep surefire and failsafe in sync -->
<!-- keep surefire and failsafe in sync -->
<!-- Do NOT upgrade -->
<!-- Workaround for the 'M2E plugin execution not covered' problem.
See: http://wiki.eclipse.org/M2E_plugin_execution_not_covered -->
<ignore />
<ignore />